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*fg0J3te> ^/ U - • b ^ h >Wmizmr3% U7^f^f7*- yXfA©^ 

10 

zrLx^%mt>\zfo. ^£Lxmm-znz>m^mim^M<D$:±®. cm«\ ^ 
4kmm&m.^mw?%w&\zm^z> m^m a*, Mm-r^mmz<D^nm 
20 i>znx^z>z.L<Dmnm tc&#-r& %t-ox. mmzntzmtm 

§:tfx. ^mmizi$T%m&&MTmm*mQm^7.^2±xhz> u x^-tv 
z/7.^(DWjftmm&itiMtisX. tttimmmvizm&'znx^&ft&fr 
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R^jKfi8cfe&^t#, ^(disxt-aw t^oo mmsm&m. 

®.W%mt. mm~. mmm. "So l v i ng a Un i f i ca t i on P r ob 1 em under 

10 Constrained Substitutions Using Tree AutomataOy U — • t-h^h^ffl^ 
rz.m%>H&Xte&Vt2>&— itmmomm" (Journal of Symbolic Computation 
23(1), pp. 79-117, 1997) Ciw^nTV^. 

_k3BCDj&i*&3SS31£fc:£&i&*, David Monniaux £<k£> "Abstracting 
Cryptographic Protocols with Tree Automata^ U — • h ^ h >\Z.^^>VU^ 

15 fflit^a h n ;KD#ai±Ubi£) " (Proceeding of 6th International Static 
Analysis Symposium, Venice(Italy), Lecture Notes in Computer Science 1694, 
pp. 149-163, 1999), %X$ Thomas Genet, Francis Klay \z&%> "Rewriting for 
Cryptographic Protocol Verification (Rt^-ffld^P h u)V%iU<Dtz.#><Dm& 
%d" (Proceeding of 17th International Conference on Automated Deduction, 

20 Pittsburgh (PA), Lecture Notes in Computer Science 1831, pp. 271-290, 2000) 

zvmit, ^-rvhmmtum^u^o i^-i©»x*iNPUTt 

25 ioT, t-bTh>^ MiK^e»m^«T^^Mofe^ INPU 
Qf, A) ttm^nZo 2«A* (I2#) ©Ifc^ QW3R0#*tt» 
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mscti&stttin ^(DM^ztt-tzwm^ wztoiM'&^miztttz 
5 iEfliju/y--=a— Kh>yi jEi9tt©ftfr&«t-r^y- • 

wgH^ift ^jn^n-m, mmm^T&mmzmm-r^ z.^\tm^ 

15 #JiItcHbTfe^i;^)Fp^lr$)^o 



>s^©iaii«t^^> y y^T^sf ^^&<Dmfc^m\zmvT.T&W'v\tf3i< , 

% i ©sfcwty y — t-Kh >%£j$r?z>mwm. ttmm i ©sestfty y - • 
t-h^h y&mm?-? t ux, MiB#mmy©m^R^fe^3©m^©T 
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u-.t-wh >*^firrswR«, HutBB i omany u - • a— b^ b > 

3 (DiitiM, MfHa#©££\ «fc&ai©lfe^ ^S©^ 
^©3l£\ Rtm^i^&53g©ii#K:«fcoT^b$n& U7^^- 

^tT^m^feO, HtifB&S©^©TT, Huf3«©^£^ST£S& 1 V>m 
U — >^MTS^ 1 ©X5^ 7, fufBffl 1 ©#5£#y U - • 

t> & ^*r 6 ft5*^tiiBso^ *sat ass 2 

25 ©#3;#!y u-'t-Kh >££j&T£fg 2 oxf7 zf. msmvm 2 ©^ 
# >y y - . b^ b >£> Mf2&^M^£&&^©S£-£^gT?>ffi 3 ©^ 



WO 2004/010639 ^^7JP2003/009153 

5 

§^2©yp^7A3-H, jttB»10^y«jT. ^-h^h>£*D»^- 
*^W©^6 ©S8filfc:«kn«, l5$cfB^©Sl§r, «&siij©^ &s©m^ 

1 ©^a^7A3- h\ 3mMmzfm&m<o&*mmtt&mz^<Dm&<oT 
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© 7a ^7A3-h, mam 1 ©#5£#y 'J — t-hTh >&®M^— & t b 

5 3 ©:/d ^7^3- h% Rxswmm 2 u - • a— h 

10 ^©il-&, Rt^^^t^:§^©m-&t«toT^$n^:^JIIS©A^^^^# 

£-©tt\ wmm<Dm^^mr^m 1 ©#5£#y u-'t-Kh >££j&-r 

5£#y 'j-'t-Kh >*JSit sm^^n^s^swr-r 4 ©y □ 

*^©B8©^fc«kn^ nmts^©^> mwmm<DM&, 'awom-s. 
moms. mm&^£fc%m\z&^Tmfrznfc^M<DA*&&nmirz>m 

25 t?, mtm<DM&*gm-? z>m 1 ®^#ry u^-t-hYb >&&mt z>n 2 

T, MfB*m^IiJ©S^tKtai2^S©m-&©TT, WI3«e^ll^6«^r S 

^e>^sm^ts«rfB^©m^t^s*rsm2©^#^u- • t-h-?h> 

££j?rr33l 3 <D~?a ^7A3-F, MniufEffl 2 ©*?5£#y 'J--t-h7h 
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cpuin ^m^mzmr^mmtn k mm& 8y>5a 3 >sc 9 , 
5 msm-^mwrn io«, c p u 1 ^ ^ ©t^^gtt-r, w&t & <t -5 ^^^a^ 

— mzmm<D^mfrZfe&M&£VTmmT&^t\z^tz^ 0 tot, t&aE© 
20 jm^wkwu mt(Dnmtfsi^m^mm^im^A<D^. 1 t^-r 5 <@<£>fB-^©m 

13^ { } MZ-U {Li} »L1, L2, L3, fcii&mtfiM 

m t?2>m&*m- z\t 

25 P= (F, {Ri}, U, {Ki}, S [j-k]) • • (:£l) 

Z.Z-T\ PteBf^®ff^JiI£*fc>U US, m?:|»i:l/T, 1^ i ^m£r 
«fcU j, kJta^T^ttS<Z)IEtf>Mi££T3o 

F, Ri, U, Ki, S [j-k] fct ±xm&&mto F\-m*mm* m& 
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«7-frk£) taa&mr? mm^i <DM&. r i (i = i~m) \t r#gy&iijj 
<DM^ utt r^sj o)M&. Ki ( i = 1 ~m) tt rjjj (fl|*.fck It 

5 u <D^&rc\tm!k(D^<DMttT?mm2tiz> 0 s [j-k] Kj 
^ioi^uh 3^miij, %^m*mm£'T%M'£x~&Q, «x, y^-r^. 

10 : x + y = y + x 

Ifetrm : (x + y) +z=x+(y+z) 

^tci^ts. iieiT r+j «io^^-rS3-^-T^v^„ 

#§^OS^^t)bTV^ (£TF> ^l/^^ifB-T)., M?IU, 3S#A, B*« 
15 PS#flm*ffiStd^«IT5»&, £#A, BOtl/>yy^Kl> K2tU 

trcatt-s tTc©^^ ^ "t-^^ensj t v^ttHtt,«susflijrD (x, 

E (x, y)) ^yj CioTtfo^tll), ££T£:l=Pte, ^PP<Z)fe#J(Z)^^#Jj 
25 ©3ST»$tfe A 3 d <h^T # £ H £ £^fc> IT^5, 

£*f\ X^^^2 Ofc^wr* CPU1H A;M5£^bT, ^SEM^te 
*#0fcHT*flm, fin-fe±IBbfefB#fc«t^^f3 (F, {Ri}, U, {Ki}, 
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S [j— k]) (DAJj&g:tftt\% 5l»bfcA*"x-^*rakg|53fcfB&*rs. ZL 

5 t«^x hM©*s®i^n§. 

X^^y2 1tC*3ViT> CPU1H ^yy°2 0TfB^gB3 fcffi&Ufc-T*— 
10 Igtfc^T^U 2^6^-Uy$? {K i } Rtf&SU£3l#U ^©tUy 

snfc<Ka#^y u— • Kh>Aifi cpui ^UT^tu 2 <om^m. 

15 -5 "Solving a Unification Problem under Constrained Substitution 

using Tree Automata (yij- • Or— hY h >&m^fcUMtttA\Z&tfZ>m-- it 
T$M<Dffim" (Journal of Symbolic Computation 23(1). pp. 79-117, 1997) & 
E \Z& o T4>£JT& 0 , d 0^»®itoa»&ft5flC <h o T§1T$5 © 

20 mmu 8 a*aj*-rs£* ©a i ^iu©tt, Mj^rr^Jfi^T&s-?- w 
AS^ii/fc^o, ^u--t-h7h>tn yj-fflBts^rr^T 1 -^ 

T£^S^f&3£T3C:<t£:gLW3o #J;lfc£, ^ T1 + 2J ^ T2+U <h 
SWfc^fcrrfc&fcitok £® r x + y = y + xj jWfcgiifc:*. IrIEIKU ^ r<i 
+ 2) +3J £^T3 + (2 + l)j t&mffitfrtertrclblzU, x+y=y+x 
*4Kfe?n&-\-fr'?&Z>o 'AM T(x + y) + z=x + (y+z)j #&3S£&5 
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<du> mx\tm r(i + 2) +3j tm n+ (2 + 3)j t^mm^^rrm^ 

•vfr&o z\z\x. r+j KMWP-c&o* ia^M^t^>h(DXUU^ 0 rm 

10 h>«hbXlSjz!i$n^>o 

£Ui<£><i;5^ ^7^2 21^^ »SRSB8fck <D3Efo<DW&<0'}'\s 

*^f*y U— • h>A i ibTiBiTrs. ctKCfc^T, m-&K i \zm 

15 L/tt5ut^f§. 

Xt^^2 3tefeV>T, CPU1H ~>5n.l/— v-a >»©#^n— F2r> 
fc«koT^nfc^:#y <J - • h7 h> (AiK rMxyv* {K 
i} Rt^&Uj&^&Snfc^U 2±©TFl/Xlf$g<*:#k:> zsm 

Kh> {Ai} ^f-^tL/T, »0$gb«l3K:<fcoT, #3I£n^:M/ 
25 y i?&gMT 2>m?£tty U-'t-hTh > fc^jfrT £ . -> ^ a. V a >3B 9 

^OSbMSOijS^ 4ff*f?hyU- • :t-hTh>j»fab&<&ofc<h¥iJI^ 
bfc«^ ^CDP#*(D^#iy«J-- ^-h^h> {Ai*} fctftoU JRjfcb 
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m 3 ±m\stz.m£tty u- • h-?h> { a i * } (D&mz&^x. m 

tlX^Z> 0 A^lifcteU «e&£IJUJ(D 1 ~3<Dmm (1 — rh R^#7'J-'t 

-Kh> (a/ac) t&d> m^?i^^^o^s;#!yu--^-h^h> 

(B.^/AC) 

wmmm-vUs im<DmmizttTz>mmmti>x. ao i'A^§i^©iiiTfe§ 

10 ly'J— • hTh>A^i!7 bU £^S, T^ty ht5 0 Tteu 

Attm<DmT$>z>mWkMM i - r ©ses ( i ( r \zm^-tz>) 

15 ip, fit^o s§ i 2 ao-sra, IrI— <Dmm\zm-3^-cmw&ft5 <dx. 

©*fr«, mm p u h#b©*^^t&^#t&£ 0 
mz. mmvtzmmixDmmzn* f » ^^i^^^^t! t n <t 

20 LT> ^p^^T^^O^f (t lf .... t n ) £i£l±Z>t%. 

^iU^oT, L (A./AC) i^^n^-r^T©]l^bT»m^tf^il<i:fC 
-tot, 3^©^L (A 1 + 1 /AC) £#£ 0 
#^1IJ : f (c* 1 ,, c^J c p llp 

mom-en. (a 1+1 /ao f^s^ffl^e,nTv^picfB^T^-g>^^ 
-z<Dmjc\zmftznT^z>jjmx\ A i &mzA i+1 &mm-Tz>z.t&x%z> 0 
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£fflwrt^§. Parikh (DH^b£:?j}£te, "On Context-Free Languages" (Journal 
of the ACM 13(4), pp. 570-581. 1966) ^H^$tlTV^CDT, CCT«fBm^ 

^j^iicA/Ac £lt, ±mvrz.mm^imn^\ ttt>(Difc%&mbz>z.£.\z& 

oT, 10^a(CffiSbT^?5$nfc:^-l/^^^ST^#S;#U/U- • 
h7h>Ai* ( 1 ) ^#Stl5. »&nfc3&5£#y U--t-Kh>Ai* 

(1) £A*3l$cA/AC tLT, Mii«t?>uttJ;oT, 2 0©^1 

is fc*i^uxj£5S$n^^-i/^^^s-r^#^:#iyu- - t-h-7h>Ai* 

(2) imznz. z\<Dmm&mvm-rz\t\z&vT, ttmatitti-uy 
5?&3mtz>mi£tiry u--t-hTh>Ai* ( n ) ^sns. 

y$aV-m ±CLfc«fc'5fc, f^U--t-h-?h>Ai * (n) 
^, 1 mm<Dm^,Hy iJ--t-hVh>Ai* (n - l ) frhmikVtcfr&fr 
20 fc<£oT, iR5&£*!l0rT5o iR^bfci:*J»fbfc«^> A i * (n) ^iU 
SlI>*«^IiJR iO^frOTT, Sl©tl/7^K i ^&iit5±T©^6 
teZm££1BmG>±lsy5?K i t&§Si"S^#^U - • t-h"?h>Ai* 

25 i } izm^Lxn < ^ 5/5 a. ^ 3 >U 9 teT^ 7^2 4 HT, 

mjto^ (&3u&zmgysa&i {r i }) (dtx\ ^<Dmm^mt^m±<D^uy 

y (K i } *«f*ftyU— • sh-h^h> (A i *} tl/Tlffi&ET*. £m«U 
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uxfeiRm t$m-v tr^o tc.m^, Jtx$t^o ^ £ t &m ^i±^^iR^=i- 

5 X^^7°2 5^43liT, CPU1I1 ->$al/- v-a >g& 9 ^^{gl-fc^- 
7.^v72§\Z#>^X. CPU1H WiW$M£fcZ>m<DM'&S [j— k] # 
IfciKb&<k"3fc, ;&SE*t&£fc:53g©&^S [j-k] jWHyfe^T?fcV>«£K: 

8»&fl!N8*«WlSTf*S«^, X^y:/2 7K43Wr, BdSIKfcju #g#C©« 
S^S [j—kL #J;U£S [1 — 3] &^ ; EU23^6tt*mU #*©S*36«<» 

tc?— 2 (Di^mmzwrr&o z<dl^, &mmtuz>m<DM-& 

S [1 — 3] O^f n^gifef^^ U - • t- h7 h >A 3 * t T§1 
20 Stl&rt^fc*^ ffifikSnS^-^tt "0" S^D+O^fc^fcl 

U — • Or- V? h >A3 * t^oTgl^tlfc^, JE&SnSx 

&£2^£:fc;5^©&£S [j— k] ^M-B-T^V^-B-, Xx^^2 8tC 
25 ^fT'So 

Xf^"/2 9 \Z%> WT, ft-^SOIW 10H C P U 1 bfc^^E U T H 
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f^^m^m^^m-r^m^ny^- b-?h>s [1—3] £j&#u a 

3*hS [1-3] £&&&\sTm&ttyV--*-b'?h>W&2zJfcrz>o - 
(D^mt, #^©^--h^h>^,fc^T§S$tl?)2^cr)S-& (A3*£S [1 

—3]) (A3 *ns [1—3D ^fescttcffi^-rs. wt>. 2-d<dm 

5 ^©ffcilgfcfr (A3*nS [1-3]) \$ % ^#7U--t-h-7h>W(Cgl 
S4fi, 2o©7'J--t-h7h >££-J&-T3#i£<E>— W&RWT* KITS 

^>o m&mj&tf&mw&Y)^M£>&&m?%2^<D*-b'?b> (a/ac b 

/AC) ^bfct-hYb>0ltIIlJH H4fcwlfc4SSORx-Rg* 
10 ^trfrfcfeOfc^S. Mffitl: £ "Beyond Regular! ty : 

Equational Tree Automata for Associative and Commutative Theor i-es GEIUtt 

(Proceedings of 15th International Conference of the European Association 
for Computer Science Logic, Paris (France), Lecture Notes in Computer Science 
15 2142, pp. 539-553, 2001.) fc:fcVvciB^$nW£©T?, ZLZLT?Y3$3ffi&&9& 

U-.^-— h7b>W^It5^A3*flS [1-3] «^ 

20 Kftn^n-h^cpuin^iu £M&xtsi\,*zimmTn\&¥&u-b& 

CPUlfcfiitS. 

q a> , m%tt£a:& zm&tty u h h > a/ac omrm^ p fcpjjg 

plf^^^JUfT^cit^oTff^n^o JWWflfcfciu yV--*—b'?b 

•^by&B-it-TZ. (AUB" 1 ) /AC £SJ£AC$m^£2«&bfc£^ tfJB 
Q^6««p^©5iJilFllfittWu ^#^U--^-hTh>A/AC j&t^e,^© 

&T:R«BQ*>e>&7ttS8p \zmm~?2>m&&WrW't2>mfc$>JjmZ, Richard 
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Mayr <h Michael Rusinowitch \z£.Z> "Reachability is Decidable for Ground AC 
Rewrite Systems (XJg A C (D£iJ3g aJiigte) " (Proceedings of 3rd 
International Workshop on Verification of Infinite State Systems, Aalborg 
(Denmark), 1998) KffljSSnT^SOT, ZL Z.xmm^%^t^>o 
5 X^yZ?3 llZ&^X, CPUlli ^^6(C, U±<D^y7X<D$mffi 
M:\ZJfoCtcm^%TZ>o CPU1H (7^^/2 5) 

mvr^m^.MMo^nmmmmomE^x^m^z. ££^-r£ 0 cpuiji 
y°s 2 7 •voimmoimzkt lx^ u 2 KgB^snfc^-^a*" 0 ** m& 

10 %mm^%mK>iz&^x&±X"&z>z\£&mmL. "1" (gs£^-r) 

mmttM<DvunmmmM&&±xi$t£^zLL&m^-tz>o cpuih ^yy° 

T-&£ ct^U HftSfll bfc^> ^gE^©Bt^®l»#M«^c 

^Tr^^dt^^-r^o £JU©#ig©^ CPU1H ^fc^DT, j*^ 
15 U 2±^-BtlB^$tlfe5 s -^^rfB^g|53^fE#b, Bt^iM¥J®©^^SE 

.LSBbfcSJiRfiP 8 , a l^— >a >g& 9 &xm$&&ffi 1 0 <Z»£te> V 7 
h^niTJCfcoTH^nTfe^Vi. IP^. CPU lifi. ±fBLfci81Rg&8, >- 
5 U- > a >£B 9 Rtf&^SdSIB 1 0 ©MS©-^X«±T^Hff *T £ «k 5 13, 
20 CPUltMt 53>lfa- ^^D^7A3-F*4lSU CPU1»3> 
fc° ^l— ^ "7°D ^ 7 A fcUffr £ <k 5 \Z VX % <k V*. 

#f£BJ3£ Diffie-Hellman Mti&mm¥mte&mtttttt\t*Tl&wrz>. 
25 Diffie-HellmanMBt^ii^Mi^ ^fcA, BOfcTOt^ilff Rf 

Diffie-HellmanMBt^l«^JIlIlC^ViT, £#AWu ffiftfclgftl,fc;*:#V>jE 
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^Mb, Y&^&Aizmm-rzo 

X=g x mod n 2) 
5 Y=g y mo d n • • • • (i£3) 

z\z\7?, nttffiKD^t^irao, rmodj umi^mto m?u£. 

a mod b te\ a^bTibfel^J^^l/TV^. 

k = Y x mod n • • • • (i£4) 
k' =X y mod n • • • • (5£5) 
ft^m^kR^k' te, Mtlt)g xy mod nlzmV^Z\tfrt>, 3£i£A. 

15 #A, BHT^^n^g, ru X, YfrZm^ZZLmmizmWtC&Zo 

fex, 3e#a, k (=k') ^ f%n- w.^m<Dm£VT&m-? %>z\h\z 
iot, ^\zm^-?<D&mmifetuz> a 

Di f f ie-He 1 lman MH^f iim^JUte, -tfB b^^HSi^fc &A* U X— 3 
ytfi&%ifi. ^nzU^TMT<D£5lzmi'TZ>z:t&-T:gZ>o iftAtB^T 
20 ^^ir-^M^Diffie-HellmanMB»oim^JiitJ;oT, R£-^tbT3£mU G£ 
g#£Cl!m>UDiff ie-Hellman^fiWiim^Jii^jif £ rig^^j 

P= (F, (Ri), U, {Ki}, S [1-3]) 
25 tmm-e%Z>o i = l~37r^D, &fB#kt ^ltlWJDlc^T^^o 

F= {A (0), B (0), C (0), N (0), M (0), k (1), 
+ (2), E (2), D (2)} 
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&Z> 0 foT> A (0), B (0). C (0), N (0), M (0) «m^©fB^X 

mm-z&y)* znz&mtt&tcMzmmZ'&mfc^* k en 

k (1) fciU £#A, B<Z)ViTn^^^:S6rL«\ k (A) X«k (B) ibtft 

mwmm iru 

R1=R2 = R3= {D (x, E (x, y)) -^y} 

is x»$>z> 0 inn y&v&mmvitu&v&zE u, y) sm^rarn^ 

U= {x + y = y + x, (x + y) +z=x+ (y+z)} 
T&£o ^uTfe, r+j fflm-etifc<* Diffie-Hellman MBt^lif^JiS^ 
20 ViT^il-T^ m^M^l £^T„ ffl%. Diffie-HellmanMBt^ji^]HS(-*5V^ 

-TWV {K i} Us 

Kl= {A, B, k (A) +k (B) +N, k (A), N, M} 
K2= {A, B, k (A) +k (B) +N, k (B), N, 
25 E (k (A) +k (B) + N, M)} 

K3 = {a, B, C, k (A) +N, k (B) +N, k (C), N, 
E (k (A) +k (B) +N, M)} 

K1-K3H stn : ?ft±fcA~C<D±Uyz?X*&2>a ^AtBtOflT, 
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moimmtvTN, k (a) +n> k cb) +n, ms. fft^ffcsnfc^-t- 

S^E (k (A) +k (B) +N, M) ^&$n£££^e>, ^#C(D^-l/ 

s/s?k 3 izu^n^(Dmm^^tix^ 0 m^mc(D-rvv yK 3 k&wt, 

k (A) +N, k (B) +N tm^tlX^^ $#AtB £.<DT$(D9g^n§i. 
5 ©fccfewr, k (A) +N. k (B) +N ^tlftll O (DISSS <hbT3£M£ 
tot, gl^fCtek (A) +N^l^(DlffgibT^#T^.e:<J:«pJHg 
T&<5^\ ^(D$tJ&, gp-fek (A) £N£^££^£nW^£££ffi^§;i 
£teT?£&^ 0 E (k (A) +k (B) +N, M) KPbTfePUH^ m^MC 
teE (k (A) +k (B) +N, M) £ 1 0©4f^£bTlfc#T^£fcfr:m ^ 

10 ©^^it^^^t^-r^^v^ 

±#A^b^#C^T^^^<t^^^<Z)m-&S [1 — 3] 
S [1-3] = {M} 

±M\sti{m.mtz Diffie-Hellman m^mm^Mt<Dl$fcMmT&(Dmzt£ 

15 

• ^#:A^£^^®^UfeMiCx^ k (A) \Ztm 
- ^WBtf&M\zMRVtcM§ky\^ k (B) \z$m 
•X (X=g x mod n) \t. k (A) +N« 

• Y (Y=g y mod n) teu k (B) + NK:*fJfc 

20 • k (k = Y x mod n) k (A) + (k (B) +N) \ZttJfo 

• k' (k' =X y mod n) \Z, k (B) + (k (A) +N) fcjfefoS; 

k = k' 0^ffi14^e>, k (A) + (k (B) +N) =k (B) + (k 
(A) +N) &mfrtlZ>o Z\Z\T\ a+Nte, g a mod n 

25 j^±Tf3^bfe, u£^sfi¥jisp, mmznom-SF. mmrnm {ru, ^ 

v-J {KiK £rSU, S [ 1 ^ 3 ] \ji^Sfrt> 
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x^y?2 7(Dmmi)mft'&*iz>o m^miw^mo^m^ rA3 * m 

5 co4"^> M (SHEWS© **£*n.5tf>5J&>J £V>5£JKfc<fcBfTfcfc>ns. 
(HW92) 

:£fg0J£. Shamir \Z^xmm^nTc V>94 A - ^H (One-Time Pad) £ 
y>^-TA- A°^H(Dffg^l^J«> ^mi'J (E (k (A), E (k (B), 

io m» =e (k (b), e (k (a), M)» ^mrcrm^mm<DTx\ xomm (i) 
— (4) -eff^n^o 

(1) £#:Ate. itk (a) &mmvTW%wmM&^mmvTmt>ntzE 

(k (A), M) ^BlC3t«T^o 

(2) ^Bte, imVfrE (k (A), M) &Stk (B) ^fflbTBf^Ma 
15 UT#e>tlfcE (k (B), E (k (A), M)) ^AlCMfrT^o 

(3) 3&Afe. H#U/cE (k (B), E (k (A), M)) £itk (A) 
ffltTt#MlbT / #5nfcD (k (A), E (k (B), E (k (A), M))) 

(4) ^Btt, StftbfcD (k (A), E (k (B), E (k (A), M))) £ 

20 ^k (b) ^mvxu^mr^z.tiz^xm^mmM^m%-r^>^tf}^ 

3mM\*^m,-?n\£. D (k (B), D (k (A), E (k (B), E 
(k (A), M)))) =D (k (B), D (k (A), E (k (A), E (k (B), 
M)))) =D (k (B), E (k (B), M)) =M t.t£%> 0 
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mmmm irii 

E (x, E (y, z)) — E (x + y, z) 

E ( i d, x) -»■ x 

id+id ^ id 

5 (x + x) +y -* y 

tl/yS? (K i } fi, 
Kl = {A, B, k (A), i d, M, E (k (B). E (k (A), M))} 
K2= {A, B, k (B), i d, E (k (A), M), D (k (A), E (k (B), 
10 E (k (A), M)))} 

K3= {A, B, C, k (C), id, E (k (A), M), E (k (B"), E (k 
(A), M)), D (k (A), E (k (B), E (k (A), M)))} 

^jiTisiTjibfc, Pt^im^nip, mm^vM-SF, mmmrn m i h -f-v 
15 {k i k <&wu. mm&ttMtfz&mom'&s u— 3] a**ks*\ 

U±iz^x\ %m$M£.t£Z>m<DM£iS U — k] /WP£S^T& 
te, 7.7- y 7 2 7 <D9BMffiTt>nz>W. Z.(Dm^Z%S [j—k] £^5£#y>J 
25 — • ^--h^h><hbTfBizlibT, ttTrry*?* 0lZ&^TAl}VT&< Z\t 

£A^T££<h£Wc^\ JKD^^fe^^^^^^O^S [j-^k] £ 
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2 4(DM3/W3Cb&V^'&, 7f77'2 6~3 0 (DMW&nfrfSi^ZttVfc 
5 0 5 \Z^T£ O Kl^Hf" 5 Z. 1 1> PUT? & 5. H5IC*^T, 0 

-5 2, 5 6~6 ^n-fni2©^Tyy2 0-2 2, 2 6-3 1 

Xf7^5 3fc^ViT, CPUlii Xf7"/2 3 fcHttfcS'Sa.l/'— i'a > 

io %v>?izwmm. ®mt "o" hT^>c 

bTTO!bfcJ:5k:, t«£*l5:f-Wi?K i &g3TS*fc£fchy U - • a— h 
Yh>Ai* (n) ££j&U 7fy^5 3IC*ViTty hSnfc*^>^®« 

15 XT-yJS >3>»9tt, #^>*Offi^«£>i§3£b 

fcifi (f^«gftn0) -C*S^5*^*«J»f-rs. Jg^M (n0) TTi&nfct* 
^»/:/5 6K3£frU JtJtffi (n0) Tft ttn^T; f77 s 5 4HI?)o nmci; 
0 T, ^tHjIfc (nO) t*ft^y?5 4(Dmm&nfot>1£ZZ.£ij^%* 
bTilftft £ nfc^- l/7^Ki iJ--t-h-7h>Ai* (n 

20 o) «$ns. 

EI 5 lc:feV>Xte> 4£?R$ns^l/^^K i *3Kffi-rs«5#y U— • ^ 
h>Ai* (n) OJRS[tt**a»rirrfc, 40$aa&m^lH!ictT : ofe 

25 ^TfcV>fc«»r£nfc*£K:fck -*©*l»r«jEbV>. tot, 05 id 

zmrnvtcitf. »'J7^t^-: -y^^zmvxhmmz, &&&&& 
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£ (Delete. tCj;§M©^lli^SS-r^^^U- • 3*— 

h>^^T^)MS (13 2 ©7^7° 2 2) te> *h§i<DU 7 • s s7srk> 

25 <h&3. 
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15 ^(D&liE&^fcSZl^T?^. 
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1. mmm<DM^ mmffl\<Dm&* <m<DM&. moms, xxwe&*& 

10 IB^CD^ t &g.m-?Z>m 2 (D^#^y 'J - • 2-— h V h >Sr£j£T 5 :x 1/ 

2. MiciB^©*^, wymujam^ &s©*£, ^©m-^ mmmsm 
20 HufB^acDm'&cDTT, tutB^^s-a-^^a-r^B i <&&&tty u — • h 

S^S.^HufB^S<D^<7)TT:\ HufB^<Z)S^ S^i**^ 
BEB0>$fc& 2 CD#^#^y U - • h > £&J*T 5 

25 — >a>^ RtK 

fOTBfg 2 ©«5:#5/ U-'t-Kh MfB^S^ii^^^^SS-r 5 

3. fiJi3W»tB^©&£KJu Rt^^S, m^MS. Rtfffi(§MS£3?riIS2£IB 
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io &^T> 

mm&w&m&i)^ ^mmzfffe&mvfr&mm £T&m&x$> <o , 

5ry?\ SO* 

20 -h-?h >&&j$u 4 <E»#iC#y u--t-h-7h >^st sm^r^ 
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5 So 

10 fjm$mm£.tii2>mz. mmm&v&Qs 

7. Hffcf2^-©*-£> «$i»j<£>*^ as©*-^ 3t©m^ RimsM^ 

mmom^t^mr^m 2 ©^#y u- • h >*^frs^ 3 ©:/ 

m~t&m 3 ©#5£#:v u-'t-hvh > t bxfg 4 ©«5S#y u — • # 
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p£^AP-h\ 

is&fr &mm-r %m 4 © y d ^ a p - h 
15 xizmz z. t *mTM,m&^m t bxt^MT$> d , 

20 p ^ A £fB# LfeP > tf o.-^SM? D pJ^^fB^# 0 

10. mm^(DM^ mmmmom-s* 'am^m^ m<nm-&, mmm® 
p-h\ 

25 st-^sgio^ttyu— ^-h^h>^^-r^2o^p^^AP-b\ 
m^s:^BufB^S(Dm'&^TTf> mb^©*^ e>M3rr 5^ e»^sm-& ttti 
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1 1 . mmznom^ mwrnm^M-s, '£w<dm-&, i®m> Rm&^fcf 

15 HtflB^2 0D^#^/'J— • h^h>5&^ mii&&ttM£.?3L2>T%*%M~r %> 
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Fig. 2 
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Fig. 3 
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I -f r : 1 


mmm 




,4/AC : ^ 








i " 1 


Ao := 


A; i := 0; 


j ■= 0; 


S := 


pos(0; 




T := 


pos(r); 





mmm 



while 5 # 0 do 

#C©£:#;»fc-r^3?f 6>5S^i"S : Vp' eS. ph p' 

&<D$kW&mTc-t^7%.tty V - • >t— h ^ h ^ A+i/AC Srfr3H-<5: - • • (1) 

*ip=/(ti,. •-,*«) 

C(A i+1 /AC) = ({^ {/(c P i i > ..., cC) _ cf(j)}/A c)[£(^/AC)J 

i := t + 1; 
S:=S- {p}; 
od 

K(D3k{qr&mrcT^&.tt y y v — • h h > £ 0 /ac zm-w-tz 

£(Bo/AC) = ({^{cf-,d» } /Ac)[/:(A/AC)3 



while T^0 do 






ift-f-* : Vg' €T. g' >: g 




-b-^h^ Bj+i/AC £rfr3M-"5: • • • (2) 


n« =/(*i, ...,*«) <ot% 






.,d ?n «)}/Ac)tASi/AC)i 


j := j + 1; 




T:=T- {q}; 




od 




S^r := By, 




return B/_>. r /AC 
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/((Pl,9l),-- - ,(Pn,gn)) -+ (P,9) 


V/ g ^ \ G 

V/(pi,...,p„) -*pe^ 
V/(gi,-.. s g n ) -> g G ft B 




5((pl,9l),(p2,g2)) 0((P,Ql),9 2 ) 
5(Pl } (P2,?2)) -> (P,92> 


V#g£ 
Vgi,g 2 g Qi3 

V^(pi,P2) -» p G 




5((Pi,gi) } (P2 5 92)) -» P((**l,«l),(r2,«l)) 

0(pi>(p2>«)) -> 0(ri,(r 2 ,g 2 )) 


V^(pi,P2) -> g(ri,r 2 ) G fcx 


Kb 


#((Pl,4l)> -> S((Pl,?),P2) 

^(?i,(P2,?2)) -> (i>2,q) 


VPi,P2 € Q.4 




p((Pi,«l),(P2,«2)) p((Pi,ri),(p2,r 2 )) 
0(4ii(P2,&)) -» ff(ri,(p2,r 2 )) 


Vs(gi,g 2 ) -> P(ri,r 2 ) G 7^ 


Tig 


p((p, «0,«&) -+0((ri,(p,«2)) 
9((pi,q),P2) -» ff(pi,(p2,g)) 


Vpi,p2,p€ 
Vgi,g 2 ,g G Q B 
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